[Bug 502761] [NEW] Security Updates needed for kde4libs and kdebase-runtime in jaunty-backports

Scott Kitterman ubuntu at kitterman.com
Sun Jan 3 23:58:21 GMT 2010 

*** This bug is a security vulnerability ***

Public security bug reported:

kde4libs (4:4.2.2-0ubuntu5.4) jaunty-security; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: fix buffer overflow when converting string to float
    - debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
      numbers in kjs/dtoa.cpp
    - CVE-2009-0689

  [ Jonathan Riddell ]
  * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
    - Ark and KMail performs insufficient validation which leads to
      specially crafted archive files, using unknown MIME types, to be
      rendered using a KHTML instance, this can trigger uncontrolled
      XMLHTTPRequests to remote sites
    - Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
      restricts xmlhttprequest to http protocols only
    - http://www.kde.org/info/security/advisory-20091027-1.txt
    - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
    - CVE-2009-XXXX
 -- Jamie Strandboge < jamie at ubuntu.com>   Mon, 07 Dec 2009 15:25:55 -0600

   Show details    4:4.3.85-0ubuntu2     release (main)    12 days ago 
  The Karmic Koala (current stable release) 
KDE Base trunk series  8894 Delete Link     
 
   Show details    4:4.3.2-0ubuntu4     release (main)    ten weeks ago 
   Show details    4:4.3.2-0ubuntu4.1     updates, security (main)    three weeks ago 
  The Jaunty Jackalope (supported) 
KDE Base trunk series  7689 Delete Link     
 
   Show details    4:4.2.2-0ubuntu1.1     updates, security (main)    three weeks ago 
  Publishing details
Published on 2009-12-11 
Copied from ubuntu jaunty in Private PPA for Ubuntu Security Team 
Changelog
kdebase-runtime (4:4.2.2-0ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: IO Slaves input sanitization errors
   - KDE protocol handlers perform insufficient input validation, an
     attacker can craft malicious URI that would trigger JavaScript
     execution. Additionally the 'help://' protocol handler suffer from
     directory traversal. It should be noted that the scope of this
     issue is limited as the malicious URIs cannot be embedded in
     Internet hosted content.
   - Add security_01_info_kio_no_javascript.diff, stops javascript
     within info kio slave
   - http://www.kde.org/info/security/advisory-20091027-1.txt
   - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
   - CVE-2009-XXXX
 -- Jonathan Riddell < jriddell at ubuntu.com>   Mon, 07 Dec 2009 17:59:21 +0000

** Affects: jaunty-backports
     Importance: Undecided
         Status: New

** This bug has been flagged as a security vulnerability

-- 
Security Updates needed for kde4libs and kdebase-runtime in jaunty-backports
https://bugs.launchpad.net/bugs/502761
You received this bug notification because you are a member of Ubuntu
Backporters, which is the registrant for Jaunty Jackalope Backports.

More information about the ubuntu-backports mailing list